CWE-589 - Call to Non-ubiquitous API

Read Time:44 Second

Description

The software uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denial of service or other consequences.

Some functions that offer security features supported by the OS are not available on all versions of the OS in common use. Likewise, functions are often deprecated or made obsolete for security reasons and should not be used.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-474

Consequences

Other: Quality Degradation

Potential Mitigations

Phase: Implementation

Description:

Always test your code on any platform on which it is targeted to run on.

Phase: Testing

Description:

Test your code on the newest and oldest platform on which it is targeted to run on.

Phase: Testing

Description:

Develop a system to test for API functions that are not portable.

CVE References

InCall to Non-ubiquitous API, CWE- 589

Cyber Security News

Patch Tuesday, May 2024 Edition

Data Breaches in US Schools Exposed 37.6M Records

Upcoming Speaking Engagements

Ebury Botnet Operators Diversify with Financial and Crypto Theft

CISA and Partners Unveil Cybersecurity Guide For Civil Society Groups

How Scammers Hijack Your Instagram

NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stalled

China Presents Defining Challenge to Global Cybersecurity, Says GCHQ

44% of Cybersecurity Professionals Struggle with Regulatory Compliance

CWE-589 – Call to Non-ubiquitous API

Description

Related Weaknesses

Consequences

Potential Mitigations

CVE References

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

CWE-669 – Incorrect Resource Transfer Between Spheres

CWE-67 – Improper Handling of Windows Device Names

CWE-670 – Always-Incorrect Control Flow Implementation

CWE-671 – Lack of Administrator Control over Security